Cyber-secure OS targets control systems

01 March, 2017

After 14 years of development, the cyber-security specialist Kaspersky Lab has launched a secure operating system for industrial control systems, network devices and the IoT (Internet of Things). Called KasperskyOS, the system has been built from scratch and is designed to minimise the risk of undocumented functions, thus thwarting the threat of cyber-attacks.

The secure-by-design operating system, based on a newly-developed microkernel, is aimed at embedded systems and IoT devices with strict cyber-security requirements. Rumours of the OS first emerged last year. Kaspersky is hoping to interest OEMs, systems integrators and software developers in three key sectors: industrial; telecoms; and automotive.

“We knew from the very beginning that designing our own operating system would be a huge undertaking – a project that would require vast resources for many years before it could be commercialised,” recalls Kaspersky Lab’s chairman and CEO, Eugene Kaspersky. “Today we see clear demand for strengthened security in critical infrastructure, telecoms and the finance industry, as well as in both consumer and industrial IoT devices.

“In the beginning it was a risky investment that no other security vendor had the courage to make,” he continues. “But today, thanks to our efforts, we have a product that provides the maximum possible level of immunity against cyberattacks.”

In a blog on the subject, Kaspersky stresses that the new OS is unlike conventional systems such as Windows and Linux where compatibility and universality are vital requirements. “When it comes to our target audiences – hardware developers, Scada systems, IoT and so on – this approach is no-go: what matters here is security.

“In simple words, it’s a system that does what it’s instructed, and is unable to do anything else,” he continues. “With traditional operating systems, that’s impossible.”

“The system will only do the things you want it to. Thus adversaries won’t even be able to take advantage of a bug in an app created for the OS.”

There have been other attempts to create secure operating systems, but they have either been extremely expensive or academic exercises. “No project has ever reached the stage of full-scale deployment or commercialisation,” Kaspersky contends.

“With some applications, even the smallest risk of a cyber-attack is a disaster,” he points out. “When security has to be guaranteed, we have to build something new. Something that is secure by design.”

Eugene Kaspersky with a Kraftway router powered by the new OS: what matters is security

In response to suspicions that the OS will collect data surreptitiously, Kaspersky points out that the kernel “does not transmit anything anywhere – this can be checked easily by looking at the source code”.

The OS has already been implemented in several applications including:

• a specialised PLC from the German systems integrator, BE.Services;

• a secure network router from the Russian systems integrator, Kraftway; and

• strengthened security for Sysgo’s PikeOS real-time operating system (using a version of KasperskyOS, called Kaspersky Security System, which enhances the security of conventional operating systems).

Kaspersky Lab admits that it cannot guarantee complete immunity from cyber-attacks. “There is no such thing as 100% security,” concedes Andrey Nikishin, its head of future technologies business development, “but KasperskyOS guarantees our customers the first 99%.” He points out that any malicious payload an attacker attempts to inject will not be executed. “KasperskyOS is therefore immune from the typical cyber-threat agenda of today.”